Sign-up

ID

VAR-201508-0008


CVE

CVE-2010-5306


TITLE

plural GE Healthcare Optima Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004013

DESCRIPTION

GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device

Trust: 2.52

sources: NVD: CVE-2010-5306 // JVNDB: JVNDB-2015-004013 // CNVD: CNVD-2015-05169 // BID: 76262 // VULHUB: VHN-47911

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05169

AFFECTED PRODUCTS

vendor:gehealthcaremodel:optima ct520scope:eqversion: -

Trust: 1.6

vendor:gehealthcaremodel:optima ct680scope:eqversion: -

Trust: 1.6

vendor:gehealthcaremodel:optima ct540scope:eqversion: -

Trust: 1.6

vendor:ge healthcaremodel:optima ct520scope: - version: -

Trust: 0.8

vendor:ge healthcaremodel:optima ct540scope: - version: -

Trust: 0.8

vendor:ge healthcaremodel:optima ct640scope: - version: -

Trust: 0.8

vendor:ge healthcaremodel:optima ct680scope: - version: -

Trust: 0.8

vendor:general electricmodel:optima ct680scope: - version: -

Trust: 0.6

vendor:general electricmodel:optima ct540scope: - version: -

Trust: 0.6

vendor:general electricmodel:optima ct640scope: - version: -

Trust: 0.6

vendor:general electricmodel:optima ct520scope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:optima ct680scope:eqversion:0

Trust: 0.3

vendor:gehealthcaremodel:optima ct640scope:eqversion:0

Trust: 0.3

vendor:gehealthcaremodel:optima ct540scope:eqversion:0

Trust: 0.3

vendor:gehealthcaremodel:optima ct520scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-05169 // BID: 76262 // JVNDB: JVNDB-2015-004013 // CNNVD: CNNVD-201508-020 // NVD: CVE-2010-5306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5306
value: HIGH

Trust: 1.0

NVD: CVE-2010-5306
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05169
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-020
value: CRITICAL

Trust: 0.6

VULHUB: VHN-47911
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-5306
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05169
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-47911
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05169 // VULHUB: VHN-47911 // JVNDB: JVNDB-2015-004013 // CNNVD: CNNVD-201508-020 // NVD: CVE-2010-5306

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-47911 // JVNDB: JVNDB-2015-004013 // NVD: CVE-2010-5306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-020

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-020

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004013

PATCH
title:Optima CT680 Series Installation Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/5472001-1EN_rev2.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=5472001-1EN&FILENAME=5472001-1EN_rev2.pdf&FILEREV=2&DOCREV_ORG=2&SUBMIT=+ACCEPT+
Trust: 0.8
title:BrightSpeed Elite/Optima CT540 Installation Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/5341628-1EN_r12.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=5341628-1EN&FILENAME=5341628-1EN_r12.pdf&FILEREV=12&DOCREV_ORG=12&SUBMIT=+ACCEPT+
Trust: 0.8
title:Optima CT520 Series Installation Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/5401943_rev%203.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=5401943&FILENAME=5401943_rev+3.pdf&FILEREV=3&DOCREV_ORG=3&SUBMIT=+ACCEPT+
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004013

EXTERNAL IDS
db:NVDid:CVE-2010-5306
Trust: 3.4
db:ICS CERTid:ICSMA-18-037-02
Trust: 1.9
db:JVNDBid:JVNDB-2015-004013
Trust: 0.8
db:CNNVDid:CNNVD-201508-020
Trust: 0.7
db:CNVDid:CNVD-2015-05169
Trust: 0.6
db:BIDid:76262
Trust: 0.4
db:VULHUBid:VHN-47911
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05169 // 
            
            
            
            VULHUB: VHN-47911 // 
            
            
            
            BID: 76262 // 
            
            
            
            JVNDB: JVNDB-2015-004013 // 
            
            
            
            CNNVD: CNNVD-201508-020 // 
            
            
            
            NVD: CVE-2010-5306

REFERENCES
url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
Trust: 3.4
url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02
Trust: 1.9
url:http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa&direction=5341628-1en&filename=5341628-1en_r12.pdf&filerev=12&docrev_org=12
Trust: 1.9
url:http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa&direction=5401943&filename=5401943_rev%2b3.pdf&filerev=3&docrev_org=3
Trust: 1.9
url:http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa&direction=5472001-1en&filename=5472001-1en_rev2.pdf&filerev=2&docrev_org=2
Trust: 1.9
url:https://twitter.com/digitalbond/status/619250429751222277
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5306
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5306
Trust: 0.8
url:http://www3.gehealthcare.com/en/global_gateway
Trust: 0.3
url:http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa&direction=5341628-1en&filename=5341628-1en_r12.pdf&filerev=12&docrev_org=12
Trust: 0.1
url:http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa&direction=5401943&filename=5401943_rev%2b3.pdf&filerev=3&docrev_org=3
Trust: 0.1
url:http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa&direction=5472001-1en&filename=5472001-1en_rev2.pdf&filerev=2&docrev_org=2
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05169 // 
            
            
            
            VULHUB: VHN-47911 // 
            
            
            
            BID: 76262 // 
            
            
            
            JVNDB: JVNDB-2015-004013 // 
            
            
            
            CNNVD: CNNVD-201508-020 // 
            
            
            
            NVD: CVE-2010-5306

CREDITS
Scott Erven of Protiviti.
Trust: 0.3
sources:
            
            
            BID: 76262

SOURCES
db:CNVDid:CNVD-2015-05169
db:VULHUBid:VHN-47911
db:BIDid:76262
db:JVNDBid:JVNDB-2015-004013
db:CNNVDid:CNNVD-201508-020
db:NVDid:CVE-2010-5306

LAST UPDATE DATE
2024-08-14T13:33:49.769000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05169date:2015-08-11T00:00:00
db:VULHUBid:VHN-47911date:2018-03-28T00:00:00
db:BIDid:76262date:2015-07-10T00:00:00
db:JVNDBid:JVNDB-2015-004013date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201508-020date:2015-08-06T00:00:00
db:NVDid:CVE-2010-5306date:2018-03-28T01:29:01.340

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05169date:2015-08-11T00:00:00
db:VULHUBid:VHN-47911date:2015-08-04T00:00:00
db:BIDid:76262date:2015-07-10T00:00:00
db:JVNDBid:JVNDB-2015-004013date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-020date:2015-08-05T00:00:00
db:NVDid:CVE-2010-5306date:2015-08-04T14:59:09.503